<?php
//Start session
session_start();

//Include database connection details
require_once ('config.php');

//Connect to mysql server

$connect = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die("Couldn't connect to MySQL server!");

//Select database

$db = mysql_select_db(DB_DATABASE) or die("Couldn't select database!");

//This function is from online source.

//Function to sanitize values received from the form. Prevents SQL injection

function clean($str) {

	$str = @ trim($str);

	if (get_magic_quotes_gpc()) {

		$str = stripslashes($str);

	}

	return mysql_real_escape_string($str);

}



	//Sanitize the POST values

	$fname = clean($_POST['fname']);

	$lname = clean($_POST['lname']);

	$userid = clean($_POST['userid']);

	$password = clean($_POST['password']);

	$cpassword = clean($_POST['cpassword']);
	$address = clean($_POST['address']);

	$city = clean($_POST['city']);

	$country = clean($_POST['country']);

	$zipcode = clean($_POST['zipcode']);

	$email = clean($_POST['email']);



//Input Validations

if ($fname == '') {

	$errmsg_arr[] = 'First name missing';

	$errflag = true;

}

if ($lname == '') {

	$errmsg_arr[] = 'Last name missing';

	$errflag = true;

}

if ($email == '') {

	$errmsg_arr[] = 'E-mail is missing';

	$errflag = true;

}
if ($address == '') {

	$errmsg_arr[] = 'Address line is missing';

	$errflag = true;

}
if ($city == '') {

	$errmsg_arr[] = 'City is missing';

	$errflag = true;

}
if ($zipcode == '') {

	$errmsg_arr[] = 'Zip code is missing';

	$errflag = true;

}
if ($country == '') {

	$errmsg_arr[] = 'Country is missing';

	$errflag = true;

}
if ($userid == '') {

	$errmsg_arr[] = 'Login name is missing';

	$errflag = true;

}

if ($password == '') {

	$errmsg_arr[] = 'Password missing';

	$errflag = true;

}

if ($cpassword == '') {

	$errmsg_arr[] = 'Confirm password missing';

	$errflag = true;

}

if (strcmp($password, $cpassword) != 0) {

	$errmsg_arr[] = 'Passwords do not match';

	$errflag = true;

}

//Check for duplicate login ID

if ($userid != '') {

	$qry = "SELECT * FROM member_details WHERE userid='$userid'";

	$result = mysql_query($qry);

	if ($result) {

		if (mysql_num_rows($result) > 0) {

			$errmsg_arr[] = 'Login ID already in use';

			$errflag = true;

		}

		@ mysql_free_result($result);

	} else {

		die("Query failed");

	}

}

//If there are input validations, redirect back to the registration form

if ($errflag) {

	$_SESSION['ERRMSG_ARR'] = $errmsg_arr;

	session_write_close();

	header("location: register-form.php");

	exit ();

}

//Insert inside member_details table
$result = @ mysql_query("INSERT INTO member_details(userid, email, password, address, city, zipcode,

 fname, lname, country) VALUES ('$userid','$email','$password', '$address', '$city', '$zipcode', '$fname', '$lname', '$country') ");

if ($result) {

	header("location: register-success.php");

	exit ();

} else {

	die("Query failed");

}
?>